digital signature

A digital file attached to an e-mail or other electronic document that uses encryption and decryption algorithms to verify the document's origin and contents.

digital signature - Computer Definition

A security mechanism issued by a certificate authority (CA) and appended to a digital certificate in order to allow a receiver to verify that a message has not been altered since its creation by a sender. See also CA and digital certificate.

Representing a written signature found on paper, a digital signature is actually a digitalized code that can be included with a digital message to identify a sender. A digital signature must somehow guarantee that the person sending the digital message is really who he or she claims to be. Used in many electronic business transactions today, digital signatures must not be forgeable. Therefore, a number of encryption techniques are utilized to guarantee a high level of security with digital signatures. In the year 2000, a law was passed in the United States making it legitimate for legal documents to be signed using digital signatures.

A digital guarantee that information has not been modified, as if it were protected by a tamper-proof seal that would be broken if the content were altered. The two major applications of digital signatures are for setting up a secure connection to a Web site and verifying the integrity of files transmitted (more below).

An Encrypted Digest

The digital signature is an encrypted digest of the file (message, document, driver, program) being signed. The digest is computed from the contents of the file by a one-way hash function, such as MD5 or SHA-1, and then encrypted with the private part of a public/private key pair (see RSA). To prove that the file was not tampered with, the recipient uses the public key to decrypt the signature back into the original digest, recomputes a new digest from the transmitted file and compares the two to see if they match. If they do, the file has not been altered in transit by an attacker. See MD5.

An Encrypted Digest

A digital signature is an encrypted digest of a file. The digest was created with a one-way hash function from the file's contents.

Signed Certificates

The first major application for digital signatures is digital certificates. "Signed" digital certificates are used to verify the identity of an organization or individual. They are widely used to authenticate a Web site in order to establish an encrypted connection for credit card and other confidential data (see SSL and digital certificate).

Signed Files

The second major application for digital signatures is "code signing," which verifies the integrity of executable files downloaded from a Web site. Code signing also uses signed digital certificates to verify the identity of the site (see code signing and digital certificate). Also see digital envelope and electronic signature.

The Illustrations Below

The following two illustrations show how digital signatures are used for data integrity in both non-private and private exchanges. Because of the requirement of disseminating keys, the following methods are used mostly between two parties that communicate with each other on a regular basis and not by the public in general. The references to the man and woman are used to help explain the concept; however, all functions are automatically performed by the software.

Integrity, But No Privacy

The woman makes her message tamper-proof by encrypting the digest into a "digital signature," which accompanies the message. At the receiving side, the man uses her public key to verify the signature. However, the message text is sent "in the clear" and could be read by an eavesdropper.

Message Integrity and Privacy

In this example, the woman signs her message and also encrypts the signature and message with the man's public key for privacy (confidentiality). When he receives the encrypted signed message, he decrypts it with his private key to expose the text he can now read along with the signature. He then verifies the signature to ensure the message was not tampered with.